Resources

Background readings

Some familiarity with the topics listed below is helpful in this course. Refer to these readings as needed.

Project Resources

The course projects will require the use of Kind 2, a model checker for reactive systems, or, alternatively, MATLAB/Simulink.

MATLAB/Simulink

Introductory tutorials on the MATLAB environment and language and on Simulink can be found on the MATLAB website.

MATLAB is installed on the DIVMS labs Linux servers. You can access those machines remotely by first installing the FastX client app on your computer. See these instructions for that.

The FastX client allows you to open a full Linux desktop on your computer. We recommend the MATE desktop. To run MATLAB, from the MATE desktop's top menu choose Applications > Mathematics > MatLab. Simulink can be started by clicking the Simulink Library button in the Home tab.

Kind 2

Kind 2 is a model checker developed at the University of Iowa, currently available natively for Unix-like systems only. It can be run on Windows as a Docker image. You can install and run Kind 2 on your own computer or you can use an online version. The online interface should be mostly self-explanatory. More instructions may be added later.
In the meantime, here are some quick instructions on how to install Kind 2 and how to use it. More information can be found on Kind 2's GitHub page.

Installing Kind 2

If you want to use Kind 2 on your own computer, you can get its latest release, in either executable or source form, from Kind 2's main website. Kind 2 runs natively on Linux and on Mac OS. It can be run on Windows via Docker.

Kind 2 requires that you also install one of the three supported backend solvers. The default is Z3, which must be downloaded and installed separately. Z3 binaries can be found here.

Note: Kind 2 does not have a GUI. It must be run from a terminal window on Linux/Mac OS. Also note that, for Kind 2 to be able to find and use the Z3 executable, the directory where you put it must be in your execution path (PATH).

Running Kind 2

To use Kind 2 on a Linux/Mac OS machine:
  1. open a terminal;
  2. at the terminal's prompt, type:

    filepath/kind2   options   file

    where filepath is the path to your Kind 2 executable, options is an optional list of arguments discussed below, and file is the Lustre file that you want to check.

Using Kind 2

Kind 2's features and capabilities are described in detail in its user documentation. Kind 2 analyzes models written in an extension of the Lustre language. For an introduction to modeling in Lustre, you can check the reading material for the CS:5810 lectures from Oct 3 through Oct 19. Recordings of those lectures are available on UICapture.

To use Kind 2, you first need to prepare the Lustre file you want to check by specifying your observer node and the properties you are interested in. To do that, add the following special comment in the body of the observer node:

        --%MAIN;

Then add below it one or more special comments of the form

        --%PROPERTY property_name  expression ;

where property_name is a double-quoted (") string naming the property and expression is a Boolean expression representing an invariant property you want to verify. For example, if x is an integer variable of the node:

        --%PROPERTY "Positive" x > 0 ;


After that, you can call Kind 2 with that file.

For each property that it can verify within a given time limit or number of iterations, Kind 2 will tell you whether it is valid (i.e., invariant), invalid or unknown. For invalid ones it will provide a counter-example trace, with inputs leading to a state where the property is violated.

Note: If you want to focus only on some properties, an easy way to disable the checking of a property is to add a space between the dashes and the % symbol in --%PROPERTY, which turns the line into an ordinary comment. You can do the same with --%MAIN if you have several observer nodes to check in the same file.
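As an added illustration that is not part of the course page, here is a complete, constructed Lustre file that puts the annotations above together: a counter node, an observer node marked with --%MAIN, two properties that Kind 2 should report as valid, one that it should report as invalid (so that you can see a counterexample trace), and one disabled with the dash-space trick. The node names, property names and the counter itself are made up for the example.

```lustre
-- Constructed example, not from the course page: a resettable counter
-- and an observer node that states the properties Kind 2 should check.

node counter(inc: bool; reset: bool) returns (c: int);
var prev: int;
let
  -- value of c at the previous step; 0 at the first step
  prev = 0 -> pre c;
  -- reset takes priority over inc
  c = if reset then 0
      else if inc then prev + 1
      else prev;
tel

node observer(inc: bool; reset: bool) returns (ok: bool);
var c: int;
let
  --%MAIN;
  c = counter(inc, reset);
  ok = (c >= 0);

  -- Expected valid: the counter never goes below zero
  --%PROPERTY "NonNegative" c >= 0 ;

  -- Expected valid: a reset yields zero in the same step
  --%PROPERTY "ResetZero" reset => c = 0 ;

  -- Expected invalid: Kind 2 should report a counterexample trace,
  -- e.g. inc true for three consecutive steps with reset false
  --%PROPERTY "Bounded" c < 3 ;

  -- Disabled by the space after the dashes: Kind 2 reads this as a
  -- plain comment and does not check it
  -- %PROPERTY "Under100" c < 100 ;
tel
```

Save the file as, say, counter.lus and run it with filepath/kind2 --timeout_wall 60 counter.lus. Kind 2 prints the status of each enabled property; for "Bounded" it also prints the sequence of inc and reset inputs that drives c to 3.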

Specifications can be written in a more sophisticated way using contracts. See the Kind 2 user documentation for more information, but you will not need to use contracts in the project.

Kind 2 Command-line Options

The following is a selection of the command-line options that control Kind 2's behavior.

--help              Prints the list of all options and a brief description of each
--timeout_wall s    Run for at most s seconds of wall-clock time
--timeout_virtual s Run for at most s seconds of CPU time
--smtsolver sol     Select SMT solver sol (default value: Z3; alternative: CVC4)
--z3_bin file       Path to the Z3 executable